EtreCheckPro version: 6.5.6 (6F041)
Report generated: 2022-03-12 09:15:43
Download EtreCheckPro from https://etrecheck.com
Runtime: 5:05
Performance: Below Average
Problem: Other problem
Description:
browser hijacked
Major Issues:
Anything that appears on this list needs immediate attention.
Proxies - Network proxies detected. This could be evidence of malware.
Adware - Adware detected.
Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.
Obsolete hardware - This computer may be considered obsolete.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
No Time Machine backup - Time Machine backup not found.
Apps crashing - There have been numerous app crashes.
Clean up - There are orphan files that could be removed.
Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.
System modifications - There are a large number of system modifications running in the background.
Low performance - EtreCheck report took an unusually long time to run.
x86-only Apps - This computer has x86-only apps that might not work on future versions of the operating system.
Limited drive access - More information may be available with Full Drive Access.
Kernel extensions present - This computer has kernel extensions that may not work in the future.
Hardware Information:
MacBook Air (13-inch, Early 2014) - Obsolete!
MacBook Air Model: MacBookAir6,2
1.4 GHz Dual-Core Intel Core i5 (i5-4260U) CPU: 2-core
4 GB RAM - Not upgradeable
BANK 0/DIMM0 - 2 GB DDR3 1600
BANK 1/DIMM0 - 2 GB DDR3 1600
Battery: Health = Normal - Cycle count = 671
Video Information:
Intel HD Graphics 5000 - VRAM: 1536 MB
Color LCD 1440 x 900
Drives:
disk0 - APPLE SSD SD0256F 251.00 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x2 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [APFS Container] 250.79 GB
disk1 [APFS Virtual drive] 250.79 GB (Shared by 6 volumes)
disk1s1 - Macintosh HD - Data (APFS) [APFS Virtual drive] (Shared - 190.13 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 528 MB used)
disk1s3 - Recovery (APFS) [Recovery] (Shared - 626 MB used)
disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used)
disk1s5 (APFS) [APFS Container] (Shared - 15.32 GB used)
disk1s5s1 - Macintosh HD (APFS) [APFS Snapshot] (Shared - 15.32 GB used)
disk1s6 - Update (APFS) (Shared - 5 MB used)
Mounted Volumes:
disk1s1 - Macintosh HD - Data [APFS Virtual drive]
250.79 GB (Shared - 190.13 GB used, 45.20 GB available, 42.96 GB free)
APFS
Mount point: /System/Volumes/Data
Encrypted
disk1s2 - Preboot [APFS Preboot]
250.79 GB (Shared - 528 MB used, 42.96 GB free)
APFS
Mount point: /System/Volumes/Preboot
disk1s4 - VM [APFS VM]
250.79 GB (Shared - 1.07 GB used, 42.96 GB free)
APFS
Mount point: /System/Volumes/VM
disk1s5s1 - Macintosh HD [APFS Snapshot]
250.79 GB (Shared - 15.32 GB used, 45.20 GB available, 42.96 GB free)
APFS
Mount point: /
Read-only: Yes
disk1s6 - Update
250.79 GB (Shared - 5 MB used, 42.96 GB free)
APFS
Mount point: /System/Volumes/Update
Network:
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Proxies: HTTP, HTTPS
Interface en2: Bluetooth PAN
Proxies: HTTP, HTTPS
Interface bridge0: Thunderbolt Bridge
Proxies: HTTP, HTTPS
iCloud Quota: 122.04 GB available
System Software:
macOS Big Sur 11.6.4 (20G417)
Time since boot: Less than an hour
Notifications:
EtreCheckPro.app
one notification
Safari.app
one notification
Creative Cloud.app
one notification
Security:
Gatekeeper: App Store and identified developers
System Integrity Protection: Enabled
Antivirus software: Apple and Malwarebytes
Adware:
Launchd: /Library/LaunchDaemons/com.AssistiveRecord.system.plist
Executable: /Library/Application Support/.9244651991066275668/System/com.AssistiveRecord.system/AssistiveRecord.system r
Reason: Adware pattern match
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.wdc.WDPrivilegedHelper.plist
Executable: /Library/PrivilegedHelperTools/com.wdc.WDPrivilegedHelper
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist
Executable: /Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.rim.tunmgr.plist
Executable: /Library/Application Support/BlackBerry/tunmgr
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.fitbit.galileod.plist
Executable: /Library/Application Support/Fitbit Connect/galileod
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchAgents/com.rim.PeerManager.plist
Executable: /Library/Application Support/BlackBerry/PeerManager
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.nordvpn.osx.helper.plist
Executable: /Library/PrivilegedHelperTools/com.nordvpn.osx.helper
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.AssistiveRecordd.plist
Executable: /var/root/Library/Application Support/.SeoDBogDggQBhQ0GBDAwP/Qxeg==/AssistiveRecord.gqa/AssistiveRecordfld pd
Details: Domain name invalid - possibly adware
Launchd: ~/Library/LaunchAgents/com.AssistiveRecord.service.plist
Executable: ~/Library/Application Support/.9244651991066275668/Services/com.AssistiveRecord.service/AssistiveRecord.service -s 6600
Details: Executable file is hidden - possibly adware
Login Item: /Applications/NordVPN.app/Contents/Library/LoginItems/NordVPNLauncher.app
Plugin: /Library/Internet Plug-Ins/RL Secure Plug-In Layer.plugin
Plugin: /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
Plugin: ~/Library/Internet Plug-Ins/UploadManager.plugin
Plugin: ~/Library/Internet Plug-Ins/npUplayer.1.0.2.7.plugin
Plugin: ~/Library/Internet Plug-Ins/ContentManager.plugin
Plugin: ~/Library/Internet Plug-Ins/RocketEngine.plugin
Apps: 11
Old Applications:
21 x86-only apps
Kernel Extensions:
/Library/Application Support/VirtualBox
[Not Loaded] VBoxDrv.kext - org.virtualbox.kext.VBoxDrv (6.1.16)
[Not Loaded] VBoxNetAdp.kext - org.virtualbox.kext.VBoxNetAdp (6.1.16)
[Not Loaded] VBoxNetFlt.kext - org.virtualbox.kext.VBoxNetFlt (6.1.16)
[Not Loaded] VBoxUSB.kext - org.virtualbox.kext.VBoxUSB (6.1.16)
/Library/Extensions
[Not Loaded] BlackBerryUSBCDCNCM.kext - com.BlackBerry.driver.USBCDCNCM (1.0.12 - SDK 10.7)
[Not Loaded] hp_fax_io.kext - com.hp.kext.hp-fax-io (5.28.5 - SDK 10.13)
[Not Loaded] hp_io_enabler_compound.kext - com.hp.kext.io.enabler.compound (3.4.0)
[Not Loaded] hp_Inkjet9_io_enabler.kext - com.hp.print.hpio.Inkjet9.kext (2.12.1 - SDK 10.13)
[Not Loaded] JMicronATA.kext - com.jmicron.JMicronATA (1.1.6)
[Not Loaded] RIMBBUSB.kext - com.rim.driver.BlackBerryUSBDriverInt (2.2.14 - SDK 10.7)
[Loaded] BlackBerryVirtualPrivateNetwork.kext - com.rim.driver.BlackBerryVirtualPrivateNetwork (1.0.18 - SDK 10.8)
[Not Loaded] BJUSBLoad.kext - jp.co.canon.bj.print.BJUSBLoad (10.75.21 - SDK 10.8)
[Not Loaded] CIJUSBLoad.kext - jp.co.canon.ij.print.CIJUSBLoad (16.0.10 - SDK 10.9)
System Launch Daemons:
[Not Loaded] 36 Apple tasks
[Loaded] 195 Apple tasks
[Running] 131 Apple tasks
[Other] 2 Apple tasks
System Launch Agents:
[Not Loaded] 16 Apple tasks
[Loaded] 189 Apple tasks
[Running] 129 Apple tasks
Launch Daemons:
[Loaded] com.AssistiveRecord.system.plist (Adware - installed 2022-03-11)
[Running] com.AssistiveRecordd.plist (? 956ad420 - installed 2022-01-17)
[Loaded] com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installed 2021-02-18)
[Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Inc. - installed 2022-01-07)
[Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Inc. - installed 2022-01-07)
[Running] com.adobe.acc.installer.v2.plist (Adobe Inc. - installed 2021-10-31)
[Running] com.adobe.agsservice.plist (Adobe Inc. - installed 2021-12-24)
[Loaded] com.apple.installer.osmessagetracing.plist (? dbb717cc - installed 2019-09-19)
[Running] com.fitbit.galileod.plist (? 485714a8 - installed 2018-11-16)
[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-12-13)
[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-11-18)
[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2022-02-17)
[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2018-11-16)
[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2021-11-17)
[Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Microsoft Corporation - installed 2021-02-16)
[Running] com.nordvpn.osx.helper.plist (? e0112837 - installed 2019-03-05)
[Not Loaded] com.oracle.java.Helper-Tool.plist (? 0 - installed )
[Other] com.rim.BBDaemon.plist (BlackBerry Limited - installed 2018-11-16)
[Not Loaded] com.rim.nkehelper.plist (Apple - installed 2020-01-01)
[Other] com.rim.tunmgr.plist (? 6f5f4ca9 - installed 2018-11-16)
[Loaded] com.starstechnologies.updater.plist (Rational Intellectual Holdings Limited - installed 2021-08-27)
[Loaded] com.wdc.WDPrivilegedHelper.plist (? 9f7f4405 - installed 2018-11-07)
[Loaded] jp.co.canon.MasterInstaller.plist (? d0637166 - installed 2021-02-28)
Launch Agents:
[Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Inc. - installed 2022-01-07)
[Other] com.adobe.AdobeCreativeCloud.plist (Adobe Inc. - installed 2022-03-05)
[Running] com.adobe.GC.AGM.plist (Adobe Inc. - installed 2021-12-24)
[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-12-24)
[Loaded] com.adobe.ccxprocess.plist (Adobe Inc. - installed 2022-03-10)
[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-11-18)
[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2022-02-17)
[Other] com.rim.PeerManager.plist (? b92c3e99 - installed 2018-11-16)
User Launch Agents:
[Loaded] com.AssistiveRecord.service.plist (? 0 - installed 2022-03-09)
[Other] com.adobe.ARM.***.plist (? 0 - installed 2015-09-25)
[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-12-24)
[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2021-08-23)
[Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2021-08-23)
[Not Loaded] com.hp.devicemonitor.plist (HP Inc. - installed 2022-03-12)
[Running] com.hp.productresearch.plist (HP Inc. - installed 2022-03-12)
User Login Items:
[Running] AdobeResourceSynchronizer (Adobe Inc. - installed 2022-01-18)
Application
/Applications/Adobe Acrobat Reader DC.app/Contents/Helpers/AdobeResourceSynchronizer.app
[Running] CIJSULAgent (Canon Inc. - installed 2021-02-28)
Modern Login Item
/Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility Lite.app/Contents/Library/LoginItems/CIJSULAgent.app
[Running] CanonIJExtendedSurveyLaunchAgent (Canon Inc. - installed 2021-02-28)
Modern Login Item
/Applications/Canon Utilities/Inkjet Extended Survey Program/Inkjet Extended Survey Program.app/Contents/MacOS/ESPController.app/Contents/Library/LoginItems/CanonIJExtendedSurveyLaunchAgent.app
[Not Loaded] NordVPNLauncher (? - installed 2019-03-05)
Modern Login Item
/Applications/NordVPN.app/Contents/Library/LoginItems/NordVPNLauncher.app
[Running] StartUpHelper (Spotify - installed 2018-08-20)
Modern Login Item
/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app
[Not Loaded] PhotoStreamAgent (App Store - installed 2038-01-18)
Modern Login Item
/Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app
[Not Loaded] HP Device Monitor (HP Inc. - installed 2019-03-17)
Modern Login Item
/Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app
[Running] HP Product Research (HP Inc. - installed 2019-03-17)
Modern Login Item
/Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app
Internet Plug-ins:
AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2021-07-19)
RL Secure Plug-In Layer: (? - installed 2016-11-15)
AdobePDFViewer: 21.005.20058 (Adobe Systems, Inc. - installed 2021-07-19)
PepperFlashPlayer: 32.0.0.465 (Adobe Inc. - installed 2020-12-11)
AdobeAAMDetect: 3.0.0.0 (Adobe Inc. - installed 2022-03-05)
SharePointBrowserPlugin: 14.7.7 (? - installed 2018-02-10)
Safari Extensions:
Rakuten Canada Button (App Store - installed 2021-08-29)
3rd Party Preference Panes:
MusicManager (Google, Inc. - installed 2020-08-25)
Backup:
Time Machine information not available without Full Drive Access.
Performance:
System Load: 2.85 (1 min ago) 10.10 (5 min ago) 8.30 (15 min ago)
Nominal I/O speed: 0.11 MB/s
File system: 35.64 seconds
Write speed: 369 MB/s
Read speed: 550 MB/s
CPU Usage Snapshot:
Type Overall
System: 5 %
User: 8 %
Idle: 88 %
Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)
mdbulkimport (2) 28.46 % (Apple)
WindowServer 8.82 % (Apple)
trustd (4) 4.88 % (Apple)
EtreCheckPro 4.82 % (Etresoft, Inc.)
kernel_task 3.07 % (Apple)
Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)
EtreCheckPro 350 MB (Etresoft, Inc.)
com.apple.WebKit.WebContent (5) 304 MB (Apple)
Finder 80 MB (Apple)
kernel_task 76 MB (Apple)
Safari 70 MB (Apple)
Top Processes Snapshot by Network Use:
Process (count) Input / Output (Source - Location)
[base64-encoded data removed] 1 MB / 54 KB (? - /var/root/Library/Application Support/.SeoDBogDggQBhQ0GBDAwP/Qxeg==/AssistiveRecord.gqa/AssistiveRecord.gqa -cf [argument removed])
mDNSResponder 63 KB / 50 KB (Apple)
apsd 6 KB / 21 KB (Apple)
netbiosd 2 KB / 1 KB (Apple)
rapportd 764 B / 707 B (Apple)
Top Processes Snapshot by Energy Use:
Process (count) Energy (0-100) (Source - Location)
WindowServer 6 (Apple)
socketfilterfw 0 (Apple)
Core Sync 0 (Adobe Inc.)
trustd (4) 0 (Apple)
AdobeCRDaemon 0 (Adobe Inc.)
Virtual Memory Information:
Physical RAM: 4 GB
Free RAM: 29 MB
Used RAM: 2.62 GB
Cached files: 1.35 GB
Available RAM: 1.38 GB
Swap Used: 0 B
Software Installs (past 60 days):
Install Date Name (Version)
2022-01-15 macOS Installer Notification (2.0)
2022-01-18 Adobe Acrobat DC (21.011.20039) (21.011.20039)
2022-01-18 Adobe Acrobat Reader DC (21.011.20039) (21.011.20039)
2022-02-15 Safari (15.3)
2022-02-15 macOS 11.6.4 (11.6.4)
2022-02-17 Microsoft AutoUpdate (4.44.22021501)
2022-02-17 Microsoft Outlook (16.58.22021501)
2022-02-17 Microsoft PowerPoint (16.58.22021501)
2022-02-17 Microsoft Word (16.58.22021501)
2022-02-20 Microsoft Excel (16.58.22021501)
2022-02-20 Microsoft OneNote (16.58.22021501)
2022-03-05 XProtectPlistConfigData (2157)
2022-03-08 MRTConfigData (1.90)
Clean up:
~/Library/LaunchAgents/com.adobe.ARM.***.plist
/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper
Executable not found
Diagnostics Information (past 7-30 days):
2022-03-12 09:06:57 fseventsd High CPU Use (4 times)
Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd
2022-03-11 14:06:51 CCXProcess.app Crash
Executable: /Applications/Utilities/Adobe Creative Cloud Experience/CCXProcess/CCXProcess.app
Details:
abort() called
Adobe_CCXProcess.node(1179,0x700012489000) malloc: *** error for object 0x7f942c466d90: pointer being freed was not allocated
2022-03-10 10:15:42 Creative Cloud Helper.app Crash (106 times)
Executable: /Applications/Utilities/Adobe Creative Cloud/*/Creative Cloud Helper.app
Details:
dyld2 mode
2022-03-06 10:35:50 WindowServer High CPU Use
Executable: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer
End of report